North American Network Operators Group


Re: Are botnets relevant to NANOG?

  • From: Rick Wesson
  • Date: Fri May 26 19:10:15 2006

For this community, would trend analysis with the best of who is getting better and the worst of who is getting worse, and some baseline counts, be enough for this group to understand if the problem is getting better?

I am suggesting that NANOG is an appropriate forum to publish general stats on who the problem is getting better/worse for and possibly why things got better/worse.

I'd like to see a general head nod that there is a problem and develop some stats so we can understand if it is getting better or worse.


Fergie wrote:
Not effective against botnets.

Think of it this way, thousands of compromised hosts (zombies),
distributed to the four corners of the Internet, hundreds (if
not thousands) of AS's -- all receiving their instructions via
IRC from a C&C server somewhere, that probably also may change
due to dynamic DNS, or pump-and-dump domain registrations, or
any other various ways to continually move the C&C.

Simply going after (what may _seem_to_be_) the last-hop router
is like swinging a stick after a piñata that you can't actually
reach when you are blind-folded. :-)

- ferg

-- Peter Dambier <[email protected]> wrote:

Just an afterthought, traceroute and take the final router. I guess for
aDSL home users you will find some 8 or 11 routers in Germany. My final
router never changes. Of course there can hide more than one bad guy
behind that router.


"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [email protected] or [email protected]
 ferg's tech blog: